A new cyberattack that spread across Europe and the U.S. last week was a type of ransomware very similar to the recent WannaCry outbreak, experts say.
The attack, which security experts dubbed Petya (or Petrwrap), exploits the “EternalBlue” vulnerability developed by the NSA and leaked online earlier this year.
Microsoft released a patch for the EternalBlue vulnerability prior to WannaCry’s spread in May.
The Petya ransomware has been circulating since 2016, but its spread has quickened thanks to malicious upgrades like the use of EternalBlue.
According to Wired Magazine, the ransomware has two ways to infect a computer.
“The main malware infects a computer’s master boot record, and then attempts to encrypt its master file table (MFT). If it can’t detect the MFT, though, it turns operations over to its other component, a ransomware that Petya incorporates called Mischa, and simply encrypts all the files on the computer’s hard drive the way most ransomware does.”
Once infected a computer displays a black screen with red text with a message about the encrypted files.
Victims are told to pay a $300 ransom demand, payable in bitcoin, according to reports.
The WannaCry attack was stopped in part because the virus included a “kill switch,” however the Petya attack doesn’t appear to incorporate the same errors.
Chivaroli and Associates Insurance Services is a full-service brokerage firm specializing in the custom-design and placement of insurance and alternative risk funding solutions for your healthcare organization.